Items Tagged with "Policy"

Some will argue that using the documentation is a cop out; that it's more of a liability protection than "secure programming". I would argue that the documentation should be part of the "secure programming" practice because it makes it clear to everyone what they should expect from the application...

June 26, 2012

"Policymakers are keenly focused on the development of smart, effective, robust cyber defenses... The tech sector wants to ensure that the digital world’s foundation of openness and collaboration is not lost to a well-intentioned but poorly constructed international patchwork of cyber defenses"...

"Threats are rapidly evolving both in frequency and sophistication. Threats emanating from cyberspace – whether from states, hacktivists or criminal organizations, among many others – pose a considerable challenge to the Alliance and must be dealt with as a matter of urgency"...

Attribution is hard because of the nature of attacks, which tend to have several stages and the whole attack is spread over a long period of time. It is of no help either that the Internet is governed by multiple jurisdictions so international cooperation is necessary but often lacking...

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

The US State Department cannot sign many treaties in cyberspace, and we cannot establish a lot of cooperation, because there is a lack of a definition or there is no established threshold for most of what we deal with. Part of that problem is that as soon as the ink dries, most of the conditions will change...

Senator Ron Wyden recently introduced a bill demanding access to draft texts of international trade agreements under negotiation such as the Trans-Pacific Partnership Agreement that carry provisions that could severely choke off users' rights on the Internet. This is a great positive step in the right direction...

In February 2012, a 58 million Euro contract was awarded to establish a NATO Cyber Incident Response Capability (NCIRC), to be fully operational by the end of 2012. A Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness...

If you've chosen wisely, you environments across your public and private clouds are consistent. The big question is - how do we keep our environments consistent in the face of security requirements to push patches? The answers rely very heavily on automation and policy...

In security, our challenge to demonstrate to the business that the money they invest in us goes further than just keeping us out of the newspaper. Security can deliver tangible benefits out to the business. An effective security program can reduce the costs of creating products...

This doesn’t mean Twitter will stop collecting all data on you. They’ll still be able to collect aggregate data about your browsing habits for analytics and security, but they won’t set a cookie and they won’t use data to suggest users to you or for tailoring your Twitter experience...

Here's the problem - when it comes to critical infrastructure protection it's very difficult to legislate and regulate the organizations that matter into a state of better security. The problem is that in order to enforce policy and rules there either have to be consequences to failing, or incentives not to fail - or both...

They know your location, and they confirm what they grab whenever you connect to Facebook: “We receive data from the computer, mobile phone or other device you use to access Facebook. This may include your IP address, location, the type of browser you use, or the pages you visit”...

When you own something, especially a mobile device, there is a sense of entitlement that the individual has. So it's critical that you establish the fact that using a personal device to do company business is a privilege, not a right, and that privilege can be taken away...

Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems sites, it’s impossible to maintain a strong password policy without making some compromises...

There is a reason the security world refers to exploitation on the Internet to activity ‘in the wild’. A comparison can be made to the lawless, tough and unforgiving world of the Wild West in American history. You can get your stuffz or scalp taken...